Mapping IT and Operating Risk
As organizations become increasing reliant on information technology, resilience to cyber-events such as internet outages and computer viruses is increasing important. Consequences of such events can range from minor inconvenience to major societal disruptions. In this project, we are extending the RiskMAP process into the healthcare sector. That process brings IT and business directors together to:
- Identify and rank the top-level business goals for the firm.
- Identify the business processes that support those goals, detailing the consequence to each driver if the process were to become unavailable.
- Identify the information flows that support each business process and their criticality to each process.
- Identify the IT assets (hardware and networks) that are involved with each information flow, and their criticality to those flows.
The result is an end-to-end map linking IT resources to business processes. The goal of RiskMAP is to develop a clear, shared understanding of how IT risk translates to business risk. We are developing and testing a RiskMAP template for the healthcare sector. Such a template would greatly facilitate use of RiskMAP by individual healthcare firms.
CDS Researcher Publishes Findings
Scott Dynes, Senior Research Fellow and Project Manager at the Center for Digital Strategies, published recent findings on how companies in the retail and healthcare sectors are managing information risks affecting their operations. "Emergent Risks in Critical Infrastructures," is available in PDF format.
[ more ]
"Information Risk Management and Resilience,"
in Critical Infrastructure Protection III,”
"Managing Risk of IT Disruptions in Healthcare Settings: A Continuity of Operations Planning Process," in Proceeding of the 2009 AMCIS.
This research is supported by the Department of Homeland Security, through the I3P.